Cilium vulnerable to sensitive information disclosure and cluster disruption via local Envoy admin socket access
🔗 CVE IDs covered (1)
📋 Description
Impact
When Cilium L7 functionality is enabled on a cluster, the Envoy instance supporting this functionality creates a world-accessible socket on cluster nodes. A local attacker would be able to access Envoy admin endpoints. Depending on deployment configuration, this can expose sensitive information or allow disruptive administrative operations, such as:
- Exposing TLS secrets
- Disrupting traffic in the cluster
- Terminating the Envoy process
This issue affects both the embedded and standalone Envoy deployment models.
Patches
This issue affects:
- Cilium v1.19 between v1.19.0 and v1.19.1 inclusive
- Cilium v1.18 between v1.18.0 and v1.18.7 inclusive
- All versions of Cilium prior to v1.17.14
This issue has been patched in https://github.com/cilium/cilium/pull/44512, included in:
- Cilium v1.19.2
- Cilium v1.18.8
- Cilium v1.17.14
Workarounds
There is no known workaround to this issue.
Acknowledgements
The Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to moemen for reporting the issue and 0xch4z for their work on triaging and remediating this issue.
For more information
If there are any questions or comments about this advisory, please reach out on [Slack (https://docs.cilium.io/en/latest/community/community/).
If anyone thinks they have found a vulnerability affecting Cilium, it is strongly encouraged to report it to the security mailing list at [email protected]. This is a private mailing list for the Cilium security team, and the report will be treated as a top priority.
🎯 Affected products3
- go/github.com/cilium/cilium:>= 1.19.0, < 1.19.2
- go/github.com/cilium/cilium:>= 1.18.0, < 1.18.8
- go/github.com/cilium/cilium:< 1.17.14